Description
The SUSE Linux Enterprise 12 kernel was updated to receive various
security and bugfixes.
Following security bugs were fixed:
- CVE-2015-7550: A local user could have triggered a race between read and
revoke in keyctl (bnc#958951).
- CVE-2015-8539: A negatively instantiated user key could have been used
by a local user to leverage privileges (bnc#958463).
- CVE-2015-8543: The networking implementation in the Linux kernel did not
validate protocol identifiers for certain protocol families, which
allowed local users to cause a denial of service (NULL function pointer
dereference and system crash) or possibly gain privileges by leveraging
CLONE_NEWUSER support to execute a crafted SOCK_RAW application
(bnc#958886).
- CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers
could have lead to double fetch vulnerabilities, causing denial of
service or arbitrary code execution (depending on the configuration)
(bsc#957988).
- CVE-2015-8551, CVE-2015-8552: xen/pciback: For
XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled
(bsc#957990).
- CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in
drivers/net/ppp/pptp.c in the Linux kernel did not verify an address
length, which allowed local users to obtain sensitive information from
kernel memory and bypass the KASLR protection mechanism via a crafted
application (bnc#959190).
- CVE-2015-8575: Validate socket address length in sco_sock_bind() to
prevent information leak (bsc#959399).